Recent Campaign Unveils New Method of Malicious Software Spread |
---|
During a recent campaign aimed at spreading the malicious software Agenttesla, attackers utilized VBA macros in Word documents to carry out their attacks, as revealed by Sonicwall specialists. This attack method does not rely on a traditional fuel injection approach; instead, the malicious payload is directly loaded into the computer’s operational memory. The malicious program is controlled through the CLR Hosting mechanism, which enables Windows processes to execute the platform. This mechanism comprises various essential components, such as the .NET execution environment, the .NET class library, and the compilers for programming languages. .NET technology is widely used for developing diverse applications, ranging from desktop and web apps to mobile applications, games, and web server services. |
AGENTTESLA, WORD ATTACKS EVADE DETECTION
/Reports, release notes, official announcements.